<?php
error_reporting(E_ALL);

include_once('controller/includes/constants.php');
include_once('controller/includes/db_access.php');

// we first include the upload class, as we will need it here to deal with the uploaded file
include_once('controller/class.upload/class.upload.php');
$cli = (isset($argc) && $argc > 1);
if ($cli) {
    if (isset($argv[1])) $_GET['file'] = $argv[1];
    if (isset($argv[2])) $_GET['dir'] = $argv[2];
    if (isset($argv[3])) $_GET['pics'] = $argv[3];
}

// set variables
$dir_dest = (isset($_GET['dir']) ? $_GET['dir'] : 'test');
$dir_pics = (isset($_GET['pics']) ? $_GET['pics'] : $dir_dest);

//beveiliging tegen XSS aanval
function transforme_HTML($chaine, $longueur = null) {
// Aide à empêcher les attaques XSS
// Supression des espaces inutiles.
    $chaine = trim($chaine);
// Empêche des problèmes potentiels avec le codec Unicode.
    $chaine = utf8_decode($chaine);
// HTMLise les caractères spécifiques à HTML.
    $chaine = htmlentities($chaine, ENT_NOQUOTES);
    $chaine = str_replace("#", "&#35;", $chaine);
    $chaine = str_replace("%", "&#37;", $chaine);
    $longueur = intval($longueur);
    if ($longueur > 0) {
        $chaine = substr($chaine, 0, $longueur);
    }
    return $chaine;
}

if ((isset($_POST['action']) ? $_POST['action'] : (isset($_GET['action']) ? $_GET['action'] : '')) == 'multiple') {

    $set = transforme_HTML($_POST['naam']);
    $descr = transforme_HTML($_POST['descr']);
    $aktief = $_POST['aktief'];

    // ---------- IMAGE UPLOAD ----------
    // we create an instance of the class, giving as argument the PHP object
    // corresponding to the file field from the form
    // All the uploads are accessible from the PHP object $_FILES
    $handle = new Upload($_FILES['my_field'], 'nl_NL');

    // then we check if the file has been uploaded properly
    // in its *temporary* location in the server (often, it is /tmp)
    if ($handle->uploaded) {

        // yes, the file is on the server
        // below are some example settings which can be used if the uploaded file is an image.
        $handle->image_resize = true;
        $handle->image_ratio = true;
        $handle->image_y = 100;
        $handle->image_x = 100;

        // now, we start the upload 'process'. That is, to copy the uploaded file
        // from its temporary location to the wanted location
        // It could be something like $handle->Process('/home/www/my_uploads/');
        
        $handle->Process('my_uploads/sets/images');

        // we check if everything went OK
        if ($handle->processed) {
            // everything was fine !

            $q_set = new Query;
            $q_set
                    ->insert_into('`sets`', array(
                        '`naam`' => $set,
                        '`foto`' => $handle->file_dst_name,
                        '`descr`' => $descr,
                        '`aktief`' => $aktief,
                            )
            );}
            
        $result = $q_set->run();
        $set_id = $q_set->get_insert_id();
        if ($result && $set_id > 0) {
                    // yes, the file is on the server
        // below are some example settings which can be used if the uploaded file is an image.
        $handle->image_resize = true;
        $handle->image_ratio = true;
        $handle->image_y = 600;
        $handle->image_x = 600;

        // now, we start the upload 'process'. That is, to copy the uploaded file
        // from its temporary location to the wanted location
        // It could be something like $handle->Process('/home/www/my_uploads/');
        
         $handle->Process('my_uploads/sets/images');

        // we check if everything went OK
        if ($handle->processed) {
            // everything was fine !

            $q_set = new Query;
                        $q_set->update('`sets`')
                                ->set(
                                        array(
                                            '`foto_b`' => $handle->file_dst_name
                                        )
                                )
                                ->where_equal_to(
                                        array(
                                            '`sets`.`set_id`' => $set_id
                                        )
                                );
     
            $result2 = $q_set->run();
            
       
            if ($result2 && $q_set->get_affected() > 0) {

                $total_products = $_POST['count'];
                for ($j = 1; $j <= $total_products; $j++) {

                    $aantal = $_POST['aantal' . $j];
                    $product_id = $_POST['product_id' . $j];
                    //$huurprijs = transforme_HTML($_POST['prijs']);

                    $aktief = $_POST['aktief'];

// Insert a new user into the `user` table  
                    $q_set2product = new Query;
                    $q_set2product
                            ->insert_into('`set2product`', array(
                                '`product_id`' => $product_id,
                                '`set_id`' => $set_id,
                                '`aantal`' => $aantal,                              
                                '`aktief`' => $aktief,
                                    )
                            );
                    $q_set2product->run();  }
                    //$set2product_id = $q_set2product->get_insert_id();
                    //if ($result && $set2product_id > 0) {}
                        
 //-----------------------KORTING ISERT------------------------------
                        
                    $korting = $_POST['korting'];    
                        
            $q_setkorting = new Query;
            $q_setkorting
                    ->insert_into('`setkorting`', array(
                        '`set_id`' => $set_id,
                        '`korting`' => $korting,
                        '`aktief`' => $aktief,
                            )
            );

            $result3 = $q_setkorting->run();
            $korting_id = $q_setkorting->get_insert_id();
            if ($result3 && $korting_id > 0) {
                
                
                
                
 // we have three forms on the test page, so we redirect accordingly
//if (isset($_FILES['my_doc'])) {

    // ---------- SIMPLE UPLOAD ----------

    // we create an instance of the class, giving as argument the PHP object
    // corresponding to the file field from the form
    // All the uploads are accessible from the PHP object $_FILES
    $doc_handle = new Upload($_FILES['my_doc']);

    // then we check if the file has been uploaded properly
    // in its *temporary* location in the server (often, it is /tmp)
    if ($doc_handle->uploaded) {

        // yes, the file is on the server
        // now, we start the upload 'process'. That is, to copy the uploaded file
        // from its temporary location to the wanted location
        // It could be something like $handle->Process('/home/www/my_uploads/');
        
       $doc_handle->Process('my_uploads/sets/download');

        // we check if everything went OK
        if ($doc_handle->processed) {
            // everything was fine !
 
        $q_doc = new Query;
                        $q_doc->update('`sets`')
                                ->set(
                                        array(
                                            '`download`' => $doc_handle->file_dst_name
                                        )
                                )
                                ->where_equal_to(
                                        array(
                                            '`sets`.`set_id`' => $set_id
                                        )
                                )
     
          ->run();
      
        } else {
            // one error occured
         
            echo '  Error: ' . $doc_handle->error . '';
          
        }

        // we delete the temporary files
        $doc_handle-> Clean();

    } else {
        // if we're here, the upload file failed for some reasons
        // i.e. the server didn't receive the file
      
        echo '  Error: ' . $doc_handle->error . '';
     
    }

//}
                             
 //----------------------------TOEPASSING INSERT------------------------------ 
                
                        if(isset($_POST['toepassing_id'])) {
                        foreach($_POST['toepassing_id'] as $record)
                        {
                            $q_set2toepassing = new Query;
                        $q_set2toepassing
                                ->insert_into('`set2toepassing`', array(
                                    '`toepassing_id`' => $record,
                                    '`set_id`' => $set_id,
                                        )
                        );
                        $q_set2toepassing->run();
                        } }  
                
            }
                        
                        $handle->Clean();
                        
                         header('Location: set_list.php');
                       
                    //}
              
            }}
        } else {
            // one error occured
             echo '  Error: ' . $handle->error . '';
             
        }


        // we delete the temporary files

    } else {
        // if we're here, the upload file failed for some reasons
        // i.e. the server didn't receive the file

        echo '  Error: ' . $handle->error . '';
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
        <link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" />
           <link rel="stylesheet" href="styles/style.css" type="text/css" charset="utf-8" media="screen" />

        <title>CMS | db me</title>
        <META NAME="ROBOTS" CONTENT="NOARCHIVE, NOINDEX, NOFOLLOW" />
        <META NAME="GOOGLEBOT" CONTENT="NOSNIPPET" />


    </head>
    <body>
        <table border="0" width="900" cellspacing="5" cellpadding="5">
            <form name="form1" method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>" enctype="multipart/form-data">
                <input type="hidden" name="action" value="multiple" />  


                <thead>
                    <tr>
                        <th colspan="3"><?php include_once('controller/includes/header.php'); ?></th>
                    </tr>

                </thead>

                <tbody>
                    <tr>
                        <td width="10%">Naam</td>
                        <td><input type="text" name="naam" value="" size="20" /></td>
                        <td></td>
                    </tr>
                    <tr>
                        <td>Beschrijving</td>
                        <td><textarea name="descr" rows="4" cols="20">
                            </textarea></td>
                        <td></td>
                    </tr>
                    <tr>
                        <td>Foto</td>
                        <td><input type="file" name="my_field" value="" size="20" /></td>
                        <td></td>
                    </tr>
                    <tr>
                        <td colspan="3">________________________________Samenstellen____________________________________</td>

                    </tr>
                    <tr>
                        <td>aantal</td>
                        <td>products</td>
                        <td></td>
                    </tr>

<?php
$q = new Query;
$q->select('*')
        ->from('`product`')
        ->order_by(array('`product`.`naam` ASC',))
        ->run();

$result = $q->run();
$count = $q->get_selected_count();
for ($i = 1; $i <= $count; $i++) {
    ?>


                        <tr>
                            <td><input type="hidden" name="count" value="<?php echo $count; ?>" /> 
                                <input type = "number" name="aantal<?php echo $i; ?>" min ="1" max ="20" value="" required = "required" /></td>
                            <td>
                                <select name="product_id<?php echo $i; ?>">;
                                    <option>--select product--</option>
    <?php
    $q = new Query;
    $q->select('*')
            ->from('`product`')
            ->order_by(array('`product`.`naam` ASC',))
            ->run();

    $result = $q->run();
    while ($rows = mysql_fetch_object($result)) {

        echo '<option value="' . $rows->product_id . '"  > ' . $rows->naam . '</option> ';
    }
    ?>

                                </select>
                            </td>
                            <td></td>
                        </tr> <?php } ?>
                    <tr>
                        <td>Set korting:</td>
                        <td><input type = "number" min ="1" max ="100" name="korting" value="" size="10" /> %</td>
                        <td></td>
                    </tr>
                    <tr>
                        <td>download</td>
                        <td><input type = "file" name="my_doc" value="" size="10" />--(PDF, DOC)</td>
                        <td></td>
                    </tr>
                    <tr>
                        <td>Aktief</td>
                        <td>
                            <input name="aktief" type="radio"  id="aktief" value="Y" /> Ja 
                            <input name="aktief" type="radio"  id="aktief" value="N" /> Nee</td>
                        <td></td>
                    </tr>
                    <tr>
                        <td colspan="3">___________________________________Toepassingen_________________________________</td>

                    </tr>
                   
                                <?php
    $q = new Query;
    $q->select('*')
            ->from('`toepassingen`')
            ->order_by(array('`toepassingen`.`sort` ASC',))
            ->run();

    $result = $q->run();
    while ($rows = mysql_fetch_object($result)) {
        echo ' <tr><td colspan="2"><input type="checkbox" name="toepassing_id[]" value="'. $rows->toepassing_id .'" />' . $rows->sort . '<td></td></tr>';

    }
    ?>
                            
                            

                    
                    <tr>
                        <td></td>
                        <td><input type = "submit" name="save" value="save" size="10" /></td>
                        <td></td>
                    </tr>

                </tbody> 
            </form>
        </table>
    </body>
</html>
